Dangers you can encounter when using C++.

cpp_dangers.md

About

Dangers you can encounter when using C++.

Calling virtual functions from a constructor or destructor is dangerous and should be avoided whenever possible.

• https://embeddedartistry.com/blog/2017/2/27/never-call-virtual-functions-during-construction-or-destruction
• https://stackoverflow.com/questions/962132/calling-virtual-functions-inside-constructors

Uninitialized data (Initialization in C++ is bonkers)

• https://blog.tartanllama.xyz/initialization-is-bonkers/
• https://mikelui.io/2019/01/03/seriously-bonkers.html
• http://nullptr.nl/2018/02/initializing-variables/
• https://riptutorial.com/cplusplus/example/7999/using-an-uninitialized-local-variable
• https://help.semmle.com/wiki/display/CCPPOBJ/Potentially+uninitialized+local+variable
• http://timur.audio/initialisation-in-c17-the-matrix

Solutions:

• https://www.reddit.com/r/cpp/comments/76p8y9/how_not_null_can_improve_your_code/

Virtual destructor

• https://www.modernescpp.com/index.php/c-core-guidelines-destructor-rules

Integer division

Floating point comparison

= vs ==

Mixing signed and unsigned values

delete vs. delete[]

Switch statements without break

this in constructor or destructor

zero divizion

“static initialization order ‘fiasco’

• https://isocpp.org/wiki/faq/ctors#static-init-order

UB when accessing another field, then one which was set

• https://stackoverflow.com/questions/11373203/accessing-inactive-union-member-and-undefined-behavior

overflow

• https://riptutorial.com/cplusplus/example/16511/floating-point-overflow Solutions:
• safe numerics / checked math https://chromium.googlesource.com/chromium/src/+/refs/heads/master/base/numerics/

Order of evaluation

foobar(foo(), bar()); It is not defined, whether foo() will be called before or after bar() has returned. That’s just silly. Also: x=x++ undefined

• https://whydoesitsuck.com/cpp-sucks-for-a-reason/
• https://blog.jayway.com/2015/09/08/undefined-behaviour-in-c-when-adding-to-map/
• NOTE for C++17: https://www.bfilipek.com/2017/06/cpp17-details-clarifications.html

Using smart pointers, such as auto_ptr, unique_ptr, shared_ptr, with arrays is also incorrect

https://www.toptal.com/c-plus-plus/top-10-common-c-plus-plus-developer-mistakes

Allowing Exceptions to Leave Destructors

https://www.toptal.com/c-plus-plus/top-10-common-c-plus-plus-developer-mistakes

Passing an Object by Value (memory)

https://www.toptal.com/c-plus-plus/top-10-common-c-plus-plus-developer-mistakes

Auto Type Conversion / forgotten explicit

https://devblogs.microsoft.com/oldnewthing/20060524-12/?p=31083

Lifetime

Solutions:

• https://www.youtube.com/watch?v=VynWyOIb6Bk This is an experience report of the Clang-based implementation of Herb Sutter's Lifetime safety profile for the C++ Core Guidelines, available online at cppx.godbolt.org.

spurious wakeup (threads & condition_variable)

• https://f0b0s.blogspot.com/2013/04/spurious-wakeup.html

TODO

• https://blog.tartanllama.xyz/guaranteed-copy-elision/

Want more?

• http://gotw.ca/gotw/
• https://www.codeproject.com/Articles/5164537/Dark-corners-and-pitfalls-of-Cplusplus
• https://www.learncpp.com/cpp-programming/eight-c-programming-mistakes-the-compiler-wont-catch/
• SEI CERT C++ Coding Standard https://wiki.sei.cmu.edu/confluence/display/cplusplus/2+Rules
• CppCoreGuidelines https://github.com/isocpp/CppCoreGuidelines
• https://www.quora.com/What-is-the-most-dangerous-C-line-of-code
• https://blog.tartanllama.xyz/learning-cpp/
• https://help.semmle.com/wiki/display/CCPPOBJ/No+virtual+destructor
• https://isocpp.org/wiki/faq
• https://stackoverflow.com/questions/31578195/is-there-a-list-of-cppcheck-messages
• https://www.doc.ic.ac.uk/lab/cplus/c++.rules/
• http://www.stroustrup.com/bs_faq2.html
• https://www.jetbrains.com/help/resharper/Reference__Code_Inspections_CPP.html#ClangStaticAnalyzer
• https://www.quora.com/What-are-common-programming-errors-or-gotchas-in-C++
• https://jip.dev/notes/cpp/
• https://stackoverflow.com/questions/4780410/secure-c-coding-practices
• https://github.com/utilForever/16thHC-SecureCpp
• https://abseil.io/tips/61
• https://www.toptal.com/c-plus-plus/top-10-common-c-plus-plus-developer-mistakes
• https://www.horstmann.com/cpp/pitfalls.html
• https://stackoverflow.com/questions/30373/what-c-pitfalls-should-i-avoid
• https://www.viva64.com/en/b/0429/
• Exceptional C++: 47 Engineering Puzzles, Programming Problems, and Solutions
• https://locklessinc.com/articles/10_problems_with_cpp/
• https://news.ycombinator.com/item?id=11147031
• C++ Gotchas: Avoiding Common Problems in Coding and Design https://pdfs.semanticscholar.org/3b4d/ca90644c5c3ef072d0d6243da2bf200ef029.pdf
• https://github.com/lefticus/cppbestpractices
• https://www.acodersjourney.com/top-25-cplusplus-api-design-mistakes-and-how-to-avoid-them/
• https://www.nayuki.io/page/undefined-behavior-in-c-and-cplusplus-programs

Report crash to server

• Crashpad https://help.backtrace.io/en/articles/2337714-crashpad-integration-guide

record metrics

• TRACE_EVENT0 & browser://tracing https://habr.com/ru/post/256907/

task runners

• https://chromium.googlesource.com/chromium/src/+/master/docs/threading_and_tasks.md

callbacks

• https://chromium.googlesource.com/chromium/src/+/HEAD/docs/callback.md

Abstractions and Data Structures

• folly
• abseil
• base https://www.chromium.org/developers/coding-style/important-abstractions-and-data-structures & https://www.suninf.net/2014/05/lazy-instance-in-chrome.html

refl

• A clean implementation of reflection and related proposals. https://github.com/asutton/clang-reflect
• C++ to C++ code generation tool (enum2string conversion, serialization, reflection etc.) https://github.com/flexferrum/autoprogrammer

Use -Wlifetime from https://github.com/mgehre/llvm-project (lifetime branch)

add Lifetime Safety Profile in Clang -Wlifetime -Wlifetime-pointer-arithmetic

• https://github.com/mgehre/llvm-project (lifetime branch)
• https://github.com/mattgodbolt/compiler-explorer-image/blob/da00729130432dc7240fec7ae067e0c0ebcabc4b/clang/build/build-lifetime.sh#L27
• https://devblogs.microsoft.com/cppblog/lifetime-profile-update-in-visual-studio-2019-preview-2/
• https://ciura.ro/presentations/2019/Conferences/Better%20Tools%20in%20Your%20Clang%20Toolbox%20-%20Victor%20Ciura%20-%20C++%20on%20Sea%202019.pdf
• https://herbsutter.com/2018/09/20/lifetime-profile-v1-0-posted/
• http://open-std.org/JTC1/SC22/WG21/docs/papers/2018/p1179r0.pdf

Bad Syntax? Solutions?

• https://gist.github.com/blockspacer/6f03933de4f9a6c920649713b056ba4a#gistcomment-3005371
• SugarCpp
• https://github.com/dobkeratops/compiler

misc
https://github.com/golang/go/wiki/GoForCPPProgrammers